A Detection and Investigation Model for the Capture and Analysis of Network Crimes
Received: 24 August 2023 | Revised: 7 September 2023 | Accepted: 12 September 2023 | Online: 13 October 2023
Corresponding author: Iman S. Alansari
Abstract
Investigation in the field of network forensics involves examining network traffic to identify, capture, preserve, reconstruct, analyze, and document network crimes. Although there are different perspectives on the practical and technical aspects of network forensics, there is still a lack of fundamental guidelines. This paper proposes a new detection and investigation model for capturing and analyzing network crimes, using design science research. The proposed model involves six processes: identification, verification, gathering, preservation, examination, analysis, and documentation. Each process is associated with several activities that provide the investigation team with a clear picture of exactly what needs to be performed. In addition, the proposed model has a unique activity, namely reporting. As a result, this model represents a comprehensive approach to network forensics investigations. It is designed to work in conjunction with established forensic techniques to ensure that forensic evidence from the network is collected and analyzed efficiently and effectively following accepted forensic procedures. The proposed model was compared with existing models in terms of completeness, showing that it is complete and can be adapted to any type of network and legal framework.
Keywords:
network forensics, digital forensics, design science research
License
Copyright (c) 2023 Iman S. Alansari
This work is licensed under a Creative Commons Attribution 4.0 International License.